Method for checking the integrity of data, system and mobile terminal

ABSTRACT

The invention relates to a method for checking the integrity of a message transmitted between a sender in a transmitting end and a recipient in a receiving end, in which method an authentication value is calculated for the first message and a random string is generated. According to the method, in the transmitting end an authentication value is generated from a message to be sent and the random string. A check code is formed from the authentication value and the random string. The first message is transferred from a sender to a recipient through a first channel, and the check code is transferred through a second secure channel. In the receiving end a message is received through a first channel and the check code is received through a second secure channel. In the receiving end an authentication check is formed based at least on the received message. The integrity of the received message is checked by comparing the predetermined check values in the receiving end.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The invention relates to a method for checking the integrity of data transmitted. More closely the invention relates to a method for checking the integrity of data transmitted with an out-of-band check code.

[0003] 2. Description of Related Art

[0004] Data transmission through different kinds of networks is increasing very rapidly. As a result, more and more private and secret data is transferred through the networks. This kind of data is for example credit card numbers and such. It is very important to be sure that data or a message received is from a correct sender. In addition, it is very important to be sure that nobody has changed the data in the transmission path so that the correct information is transmitted to the recipient.

[0005] Many times data is meant to devices connected to network for controlling the operation of the devices. This kind of devices can for example be network elements and terminals. Especially, in many cases it is necessary to distribute so called bootstrap information to network devices. Here the bootstrap information means data, which is used for bringing a certain system into a desired state for a certain operation. This kind of information is for example provisioned data, which contain information relating to network operation, like server addresses and Certification Authority certificates. When transmitting this kind of information the security becomes very important. If a person not entitled to the information changes the data and forwards it to the terminal, the consequences can be serious in the network. When transmitting this kind of information it is also very important to be sure that data is correct.

[0006] Generally, the requirements from security point of view are that the data comes from a correct sender and that the data has not been changed in the transmission path, as said earlier. Usually, it is used a term verify the authenticity to represent the verification of the sender and a term integrity to represent if the message or data has been changed in the transmission path or not. These terms are also used in the following parts of this description.

[0007] Different kinds of methods have been developed to transmit data in a secure way from the sender to the recipient. Almost without exceptions these methods always base on algorithms, which are used for encrypting and decrypting the message so that only the correct sender and the correct recipient are able to find out the content of the message. Many times these algorithms are based on so called private and public key pair method. In this method the sender creates both of the keys and delivers the public key to persons concerned. The private key is kept secret from everybody. A message, which is encrypted with a public key, is possible to decrypt only with a corresponding private key.

[0008] As well, different other kinds of methods have been developed to achieve a needed security in data transmission. If we consider for example provisioning of the bootstrap type data, especially over the air, like in mobile telecommunication, it has been proposed a MAC (Message Authentication Code) based verification method. In MAC based verification method a MAC code is appended to the message. Typically MAC is a string of bits, which depends in some specified way on the message it is to be appended and on a secret key known both by the sender and by the recipient of the message. The code to be appended to the message can for example be a block, which is formed with a Secure Hash Algorithm (SHA). The combination of the message and the MAC code is transmitted through an unreliable channel. By word unreliable channel it is meant a channel, which is not secure for data transmission because anyone can monitor the data sent through the transmission path. For decrypting the received data a MAC key is also delivered to the recipient. Advantageously, the MAC key is delivered through out-of-band channel and it is based on a user input. In a typical situation the user input is a password.

[0009] This kind of MAC based verification method has a problem that if the password is not long enough, it can be processed from the combination of the message and the MAC code by means of computer by an attacker. A possible way to do this is to try all possible passwords until one is found with which the calculated MAC code based on the password and the MAC code transmitted along with the message match with each other. When the password is found the attacker can generate a new message, which will be successfully verified by the recipient. If the original data is changed and the new data is used for original purposes, it can cause serious consequences.

[0010] To minimize the risk that an attacker finds out the password the length of the password can be increased. If the number of bits in the password is big enough it takes longer time to find out the MAC code and the objective is that it takes too long time to find out the content of the message and change it.

[0011] Another problem in the MAC based verification method, especially applied in the bootstrap information type data, is that in many cases the bootstrap information is global (e.g. provisioning addresses, Certification Authority certificate), but the MAC code requires that the message is personalized, because of the passwords.

[0012] One method in practice, which is used for checking the validity of certification authority certificates, is to display a fingerprint, like a complete hash code, of the Certification Authority certificates and ask the user to check it. The user can check the displayed fingerprint by comparing it to a certificate, which is got from a newspaper or from the Internet or such. This method is quite secure in principle, but requires activity from the user.

SUMMARY OF THE INVENTION

[0013] The object of the invention is to present a new method for checking the integrity of a received message. Another object of the invention is to present a system, which uses the method according to the invention. A third object is to present a mobile terminal, which uses the method according to the invention for checking the integrity of a received message.

[0014] The objects of the invention are achieved by transmitting a message through a first channel and integrity checking values through a second secure channel from a sender to a recipient and performing the integrity checking in a predetermined way in the receiving end.

[0015] The method for checking the integrity of a first message transmitted between a sender in a transmitting end and a recipient in a receiving end, in which method an authentication value is calculated for the first message and a random string is generated, is characterized by that

[0016] the first message is transmitted from the sender to the recipient through a first channel and

[0017] the authentication value and the random string are transmitted to the recipient through a second secure channel for checking the integrity of a received message in the receiving end.

[0018] The system for checking the integrity of a first message transmitted between a sender in a transmitting end and a recipient in a receiving end, in which the system comprises means for calculating an authentication value for the first message and means for generating a random string, is characterized by that in the transmitting end the system comprises

[0019] means for forming a check code by combining the authentication value and the random string,

[0020] means for transferring the first message from the sender to the recipient through the first channel, and

[0021] means for transferring said check code from said sender to said recipient through the second secure channel,

[0022] and in the receiving end the system comprises

[0023] means for separating said authentication value and said random string from said check code,

[0024] means for generating an authentication check from the received message and from either said random string or said authentication value, and

[0025] means for comparing said authentication check with either said authentication value or said random string not used in the generation of said authentication check for checking the integrity of said received message compared to the first message.

[0026] The mobile terminal for checking the integrity of a message received, into which mobile terminal a first message is sent, characterized in that the mobile terminal comprises

[0027] means for receiving a message,

[0028] input means for inputting a check code of the first message received through a secure channel into said mobile terminal,

[0029] means for separating an authentication value and a random string from said check code of said first message,

[0030] means for generating an authentication check from said received message and from either said authentication value or said random string, and

[0031] means for comparing said authentication check with either said authentication value or said random string not used in the generation of said authentication check for checking the integrity of said received message compared to the first message.

[0032] Advantageous embodiments of the invention are described in dependent claims.

[0033] According to the invention the integrity and authentication of a message is checked in a new way. The message is transmitted through a first channel to the recipient. The message does not contain any kind of authentication value. The integrity and authentication of the message is checked so that a check code is calculated in the transmitting end and transmitted to the recipient through another channel. The other channel is chosen so that it is secure enough for transferring confidential data. In the receiving end the message is checked with the check code. A system according to the invention comprises means for performing the operations relating to the method. A mobile terminal according to the invention comprises means for checking the integrity of the message received by using the check code.

BRIEF DESCRIPTION OF THE DRAWINGS

[0034] FIG. 1 illustrates a preferred embodiment of the invention in the transmitting end,

[0035] FIG. 2 illustrates a method according to a preferred embodiment of the invention in the transmitting end,

[0036] FIG. 3a illustrates a first preferred embodiment of the invention in the receiving end,

[0037] FIG. 3b illustrates a second preferred embodiment of the invention in the receiving end,

[0038] FIG. 4 illustrates a method according to a preferred embodiment of the invention in the receiving end,

[0039] FIG. 5 illustrates a simplified arrangement according to the invention,

[0040] FIG. 6 illustrates a system according to the invention, and

[0041] FIG. 7 illustrates a block diagram of a mobile terminal according to the invention.

[0042] Same reference numerals are used for similar entities in the figures.

DETAILED DESCRIPTION OF THE INVENTION

[0043] FIG. 1 illustrates a way of calculating required information for making sure that the information is from the correct sender. According to the invention a message 101 is formed. In addition to the message 101 a key 102 is also formed. Advantageously, the key 102 is a random string, which consists of a predetermined number of digits or bits. The number of these is not restricted anyhow. The message 101 and the key 102 are used for generating an authentication value 103, like MAC. The authentication value 103 is derived from the message 101 and the key 102 with mathematical operations. By combining the key 102 and the authentication value 103 a check code 104 can be derived. The first message 101 and the check code 104 are transmitted from the sender to recipient through different channels.

[0044] In FIG. 2 it is illustrated the method according to the invention in the transmitting end. In the first step 201 a message 101 to be sent is formed. The message 101 comprises for example bootstrap information or any other kind of information, in which the integrity is important. In the method according to the invention a random string is generated in the second step 202. The random string can be generated by means of a random number generator. In the preferred embodiment of the invention a new random string, which can also be called a key 102, is generated always when sending a new message 101. Naturally, it is also possible to use the same random string with all messages 101 but this means that the security in this method is not as good as in the method according to the preferred embodiment. In the next step 203 of the method according to the invention an authentication value 103 is calculated. The authentication value 103 can for example be a MAC code. The authentication value 103 is calculated by using an algorithm. The algorithm can be such as secure hash algorithm (SHA), which is widely applied in encryption applications. Advantageously, the algorithm generates the authentication value 103 so that it uses the message 101 and/or the random string as parameters for mathematical operations.

[0045] To generate a data by means of which the integrity of the message 101 can be checked the authentication value 103 and the random string are combined in step four 204 producing a check code 104. This can be done in many ways. In the simplest case these values are combined to each other by adding the random string after the authentication value 103 or vice versa. In another embodiment of the invention a sort of arithmetic operation is used for combining the values. The values can also be combined any other way than shown here. To a man skilled in the art it is obvious that the authentication value 103 and the random string are converted to such a number system that the mathematical operation in the combination can be performed. Finally, the first message 101 is transferred through a first channel 205, which can be any kind of channel available. The channel needs not to be secure. The channel can for example be created over the Internet. Correspondingly, the check code 104 is transmitted to the recipient through another channel 206, which channel according to the invention is a secure one and advantageously out-of-band. By word out-of-band it is meant a channel through which the message is not transmitted. The out-of-band channel can be formed through different entities than through which the message is transmitted.

[0046] To a man skilled in the art it is obvious that at least a part of the method steps described above can be performed concurrently or in other order than described in FIG. 2. As well it is obvious that the transmission of the random string and the authentication value 103 can also be performed separately so that they are not combined in the transmitting end.

[0047] FIG. 3a illustrates the operations in the receiving end according to the first embodiment of the invention. A second message 150 is received through a first channel. The check value 104 is received through a second channel. The authentication value 103 and the random string are separated. The random string and the received message 150 are used as parameters to generate an authentication check 151. The authentication check and the authentication value 103 are compared in the receiving end to determine the integrity of the message and to authenticate the correct sender.

[0048] FIG. 3b illustrates the operations in the receiving end according to the second embodiment of the invention. A second message 150 is received through a first channel. The check value 104 is received through a second channel. The authentication value 103 and the random string are separated. The authentication value 103 and the received message 150 are used as parameters to generate an authentication check 151. The authentication check and the random string are compared in the receiving end to determine the integrity of the message and to authenticate the correct sender.

[0049] In FIG. 4 it is shown a method according to the invention in the receiving end of the transmission path. First, a second message 101 and the check code 104 are received 301, 302. From the check code 104 received it is extracted 304 the original random string and the original authentication value 103. This is achieved by an inverse operation to the operation done in the transmitting end. In the simplest case the random string and the authentication value 103 can be just separated because advantageously it is known by the sender and the recipient how many numbers the random string and correspondingly the authentication value 103 comprise. The recipient can be sure that the random string and the authentication code 103 are original because they were transmitted through a secure channel. This kind of secure channel can for example be a telephone line. An authentication check 151 is calculated 303 from the second message and either the random string or the authentication value 103 got from the check code 104 received. Advantageously, the calculation method or algorithm for the authentication check 151 is agreed between the sender and the recipient in advance. After the authentication check 151 is calculated from the message 150, the authentication check 151 is compared with either the authentication value or the random string not used in the generation of the authentication check 151 for checking the integrity of the second message compared to the first message. If the compared values are equal, it means that the message 101 received is original and it is accepted 306. If the comparison is unequal, the message 101 has changed in the transmission path and it is rejected 307. To a man skilled in the art it is obvious that the authentication check 151 is a new random string value or a new authentication value, which authentication check 151 is compared to the original random string or to the original authentication value.

[0050] One advantage of the invention is that the key or the random string and the authentication value 103 can be relatively short since they are transferred through the secure out-of-band channel, which means that a third party cannot change them during the transmission. The security of the out-of-band channel is based on transparency, which means that a third party is not able to see the data to be transmitted.

[0051] Next we consider the invention applied in a telecommunication system. As an example we describe the invention applied in the WAP (Wireless Application Protocol) system. In the WAP system it is possible to use Internet with a mobile terminal. The Internet browser uses wireless mark-up language (WML) and lightweight mark-up language. By these means the Internet application is based on text and no pictures are transmitted. In FIG. 5 it is shown a simplified arrangement of the system, which uses WAP. Here the mobile terminal 401 comprises means for receiving and transmitting information from the Internet network. In addition, the mobile terminal 401 comprises display means for showing information. The mobile terminal 401 is connected to a mobile network 402 through a radio interface. If the user of the mobile terminal 401 wants to get connected to the Internet, it is possible through the mobile network 402. The mobile terminal 401 uses WAP protocol through the mobile network 402 to a WAP server 403, which is connected to the World Wide Web (WWW) 444. The WAP server 403 is arranged to adapt the WAP protocol and the WWW protocols so that the WWW services can be used in the mobile terminal 401. As can be seen, the WAP, which specifies an application framework and network protocols for wireless terminals, brings the Internet content and advanced data services to wireless terminals. To a man skilled in the art it is known that WAP can work across differing wireless network technologies and bearer types (GSM, CDMA, SMS).

[0052] When using WAP services, the user has to order the services from WAP service providers. Especially, in case where the user wants to get a new WAP service, he or she must get information about the server addresses and such so that the mobile terminal 401 contacts the right server when using the service in question. According to one embodiment of the invention the user calls to a helpdesk of the service provider to initiate a WAP service. The helpdesk registers the user by entering user information as well as the telephone number to a database. After the information needed is entered the system is arranged to calculate the check code. The check code is formed from the random string, which is generated by the service provider, and from the authentication value. The authentication value can be calculated by using a certain algorithm where the parameters are for example the message and the random string, as described earlier. The check code is told to the user by the helpdesk. Advantageously, the check code is short, like 8 digits. After this the helpdesk sends the data provisioned, like the server addresses, to the user's mobile terminal 401 as an SMS message, for example. According to this embodiment of the invention the user inputs the check code received from the help desk to the mobile terminal 401. The mobile terminal 401 separates the authentication value and the random string from the check code. After this the mobile terminal 401 is arranged to calculate an authentication check with the same algorithm, which was used in the transmitting end to generate the authentication value. The received message and either the random string or the authentication value are used as parameters for the algorithm in the mobile terminal 401. The authentication check and the one of the authentication value and the random string not used in the generation of the authentication check are compared in the mobile terminal 401 to each other. If these values are equal, the mobile terminal 401 activates the provisioning data.
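The check-code flow of the first embodiment (FIG. 3a), as an added example that is not part of the patent text. It assumes HMAC-SHA-256 as the agreed algorithm and a 4-digit random string appended to a 4-digit authentication value to give the 8-digit check code; the function names and the sample provisioning message are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed split of the 8-digit check code (the text only says "like 8 digits").
TAG_DIGITS = 4   # authentication value 103
KEY_DIGITS = 4   # random string / key 102

# Constructed sample of provisioning data sent over the insecure first channel.
SAMPLE_MESSAGE = b"wap-gateway=10.0.0.1;proxy-port=9201;ca-cert-id=example"


def _auth_value(message: bytes, key: str) -> str:
    """Authentication value: HMAC-SHA-256 of the message keyed with the
    random string, reduced to TAG_DIGITS decimal digits (assumed encoding)."""
    digest = hmac.new(key.encode("ascii"), message, hashlib.sha256).digest()
    return str(int.from_bytes(digest, "big") % 10**TAG_DIGITS).zfill(TAG_DIGITS)


def make_check_code(message: bytes, key: Optional[str] = None) -> str:
    """Transmitting end: generate a fresh random string per message, compute
    the authentication value, and append the random string after it."""
    if key is None:
        key = str(secrets.randbelow(10**KEY_DIGITS)).zfill(KEY_DIGITS)
    return _auth_value(message, key) + key


def verify(received: bytes, check_code: str) -> bool:
    """Receiving end: separate the two parts of the check code, recompute the
    authentication check from the received message and the random string,
    and compare it with the authentication value from the secure channel."""
    code = check_code.replace(" ", "")  # tolerate "1234 5678" typed by a user
    if len(code) != TAG_DIGITS + KEY_DIGITS:
        return False
    if not (code.isascii() and code.isdigit()):
        return False
    auth_value, key = code[:TAG_DIGITS], code[TAG_DIGITS:]
    auth_check = _auth_value(received, key)
    return hmac.compare_digest(auth_check, auth_value)


if __name__ == "__main__":
    code = make_check_code(SAMPLE_MESSAGE)        # read out over the phone
    print("check code:", code)
    print("original accepted:", verify(SAMPLE_MESSAGE, code))
    altered = SAMPLE_MESSAGE.replace(b"10.0.0.1", b"10.6.6.6")
    print("altered accepted:", verify(altered, code))
```

With a 4-digit authentication value, an altered message that was prepared without knowledge of the check code passes the comparison with probability about 1 in 10,000, which is the trade-off behind the "relatively short" values of paragraph [0050].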

[0053] According to another embodiment of the invention, the mobile terminal 401 views the authentication check on display so that the user can compare the check code received from the helpdesk with it. If they are equal, the user accepts the received data in a predetermined manner. In other case the user deletes the message. When the message is activated the user can use the WAP services of the service provider.

[0054] According to another preferred embodiment of the invention the user gets the check code from the Internet. The user for example chooses a web page of the service provider of the WAP services. The user fills a form and registers in such a way to service provider's database. After the registration the service provider generates the check code and transmits it through the Internet to the user. In transmission it is used some sort of encryption method so that the transmission is secure. One this kind of method can be for example a SSL (Secure Sockets Layer). SSL is a program layer, which is created for Internet purposes for achieving security of message transmission in Internet. One application of the SSL uses the public-and-private key encryption system. This means that the user and the service provider of the WAP services have made an agreement of the encryption beforehand. By means of this the check code can be delivered from the service provider to the user in a secure manner through the Internet. After the user has received a message containing bootstrap information to the mobile terminal 401 he or she can generate an authentication check in the same manner as described above and proceed the comparison as described earlier. To a man skilled in the art it is obvious that also the Internet capabilities of the mobile terminal 401 can be used in the same way. The user connects to the Internet with the mobile terminal through the WAP services and gets the check code there. The connection is arranged to be secure for example in the same way as described above. After the check code and the message are received the authentication and the integrity can be checked in the mobile terminal 401 in the same way as described before.

[0055] Generally, the system according to the invention shown in FIG. 6 comprises means for sending and receiving data. In the transmitting end 620 the system comprises means 601 for calculating an authentication value for a message to be sent and means for generating a random string. According to the invention the system in the transmitting end 620 also comprises means 603 for forming a check code by combining the authentication value and the random string. It comprises means 604 for transferring the first message from the sender to the recipient through the first channel. This kind of means 604 can for example be an e-mail software or such. Advantageously, these means 604 are a mobile terminal, such as a WAP terminal by means of which it is possible to transmit and receive short messages (SMS). In addition, the system comprises means 605 for transferring the check code from the sender to the recipient through the second secure channel. This kind of means 605 can for example be a phone or an arrangement by means of which it is possible to form a secure channel between the sender and the recipient. In the receiving end 630 the system according to the invention comprises means 610 for separating said authentication value and said random string from said check code. This can be achieved by means of software or electronics. The system also comprises means 611 for generating an authentication check from the received message and from either the random string or the authentication value and means 612 for comparing the authentication check with either the authentication value or the random string not used in the generation of the authentication check for checking the integrity of the received message compared to the first message. Advantageously, these means 611, 612 are carried out by data processing means, such as a microprocessor, and software.

[0056] FIG. 7 shows a block diagram of a mobile terminal according to a preferred embodiment of the invention. The mobile terminal comprises a microphone 701, keyboard 707, display 706, earpiece 714, antenna duplexer or switch 708, antenna 709 and a control unit 705, which all are typical components of conventional mobile communication means. Further, the mobile terminal contains typical transmission and receiver blocks 704, 711, which are used for sending and receiving data, like messages. Transmission block 704 comprises functionality necessary for speech and channel coding, encryption, and modulation, and the necessary RF circuitry for amplification of the signal for transmission. Receiver block 711 comprises the necessary amplifier circuits and functionality necessary for demodulating and decryption of the signal, and removing channel and speech coding. The signal produced by the microphone 701 is amplified in the amplifier stage 702 and converted to digital form in the A/D converter 703, whereafter the signal is taken to the transmitter block 704. The transmitter block encodes the digital signal and produces the modulated and amplified RF-signal, whereafter the RF signal is taken to the antenna 709 via the duplexer or switch 708. The receiver block 711 demodulates the received signal and removes the encryption and channel coding. The resulting speech signal is converted to analog form in the D/A converter 712, the output signal of which is amplified in the amplifier stage 713, whereafter the amplified signal is taken to the earpiece 714. The control unit 705 controls the functions of the mobile communication means, reads the commands given by the user via the keypad 707 and displays messages to the user via the display 706. In addition, the mobile terminal comprises input means for inputting a check code of the first message received through a secure channel into said mobile terminal. The input means can for example be the keyboard 707. With the first message it is meant a message, which is sent by the sender to the mobile terminal. The mobile terminal also comprises means 730 for separating an authentication value and a random string from the check code of the first message. It also comprises means 731 for generating an authentication check from the received message and from either the authentication value or the random string and means 732 for comparing the authentication check with either the authentication value or the random string not used in the generation of the authentication check for checking the integrity of the received message compared to the first message. To a man skilled in the art it is obvious that by means of a mobile terminal according to the invention, it is possible to check if the received message is the same as the message sent. Means 730, 731, 732 can advantageously be realized with a microprocessor in the control unit 705 and software. In one preferred embodiment of the invention the mobile terminal is used in WAP applications. By means of the invention it is possible to check if the data received, like the WAP server addresses, are correct and from the correct sender.

[0057] To a man skilled in the art it is obvious that the content of the message can comprise any other information than bootstrap information. The mobile terminal can be any kind of terminal in which it is possible to apply the present invention. The mobile terminal can for example be such as mobile telephones, pagers and personal digital assistants. The invention can be applied also in other data transmission applications than in WAP.

[0058] Generally, in view of the foregoing description it will be evident to a person skilled in the art that various modifications may be made within the scope of the invention. While the preferred embodiments of the invention have been described in detail, it should be apparent that many modifications and variations thereto are possible, all of which fall within the true spirit and scope of the invention.

1. A method for checking the integrity of a first message transmitted between a sender in a transmitting end and a recipient in a receiving end, in which method an authentication value is calculated for the first message and a random string is generated, characterized in that the first message is transmitted from the sender to the recipient through a first channel and the authentication value and the random string are transmitted to the recipient through a second secure channel for checking the integrity of a received message in the receiving end.
2. A method according to claim 1, characterized in that the authentication value is generated from the first message and the random string in the transmitting end.
3. A method according to claim 1, characterized in that the authentication value and the random string are combined as a check code in the transmitting end.
4. A method according to claim 3, characterized in that the authentication value and the random string are separated from the check code in the receiving end.
5. A method according to claim 1, characterized in that in the receiving end an authentication check is generated from the received message and from either the random string or the authentication value.
6. A method according to claim 5, characterized in that in the receiving end the authentication check is compared with either the authentication value or the random string not used in the generation of the authentication check for checking the integrity of the received message compared to the transmitted message.
7. A method according to claim 1, characterized in that the second secure channel is out-of-band.
8. A method according to claim 1, characterized in that in the transmitting end a first message is formed, a random string is generated, an authentication value is generated from said first message and said random string, a check code is formed by combining said authentication value and said random string, said first message is transferred from the sender to the recipient through the first channel, and said check code is transferred from said sender to said recipient through the second secure channel.
9. A method according to claim 8, characterized in that in the receiving end a message is received through a first channel, the check code is received through a second secure channel, the authentication value and the random string are separated from said check code, an authentication check is generated from the received message and from either said random string or said authentication value, and said authentication check is compared with either said authentication value or said random string not used in the generation of said authentication check for checking the integrity of said received message compared to the first message.
10. A method according to claim 1, characterized in that the message contains bootstrap information.
11. A system for checking the integrity of a first message transmitted between a sender in a transmitting end and a recipient in a receiving end, in which the system comprises means for calculating an authentication value for the first message and means for generating a random string, characterized in that in the transmitting end the system comprises means for forming a check code by combining the authentication value and the random string, means for transferring the first message from the sender to the recipient through the first channel, and means for transferring said check code from said sender to said recipient through the second secure channel, and in the receiving end the system comprises means for separating said authentication value and said random string from said check code, means for generating an authentication check from the received message and from either said random string or said authentication value, and means for comparing said authentication check with either said authentication value or said random string not used in the generation of said authentication check for checking the integrity of said received message compared to the first message.
12. A system according to claim 11, characterized in that the system comprises the operations of the WAP (Wireless Application Protocol) system.
13. A mobile terminal for checking the integrity of a message received, into which mobile terminal a first message is sent, characterized in that the mobile terminal comprises means for receiving a message, input means for inputting a check code of the first message received through a secure channel into said mobile terminal, means for separating an authentication value and a random string from said check code of said first message, means for generating an authentication check from said received message and from either said authentication value or said random string, and means for comparing said authentication check with either said authentication value or said random string not used in the generation of said authentication check for checking the integrity of said received message compared to the first message.
14. A mobile terminal according to claim 13, characterized in that it is WAP (Wireless Application Protocol) terminal.